PatchSiren cyber security CVE debrief
CVE-2026-4312 DrangSoft CVE debrief
A critical vulnerability was discovered in the GCB/FCB Audit Software developed by Dragonsoft. The vulnerability, tracked as CVE-2026-4312, has a CVSS score of 9.3 and is classified as a Missing Authentication vulnerability. This vulnerability allows unauthenticated remote attackers to directly access certain APIs to create a new administrative account.
- Vendor: DrangSoft
- Product: GCB/FCB Audit Software
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-17
- Original CVE updated: 2026-06-05
- Advisory published: 2026-03-17
- Advisory updated: 2026-06-05
Who should care
Administrators and users of the GCB/FCB Audit Software developed by Dragonsoft should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability is caused by a missing authentication mechanism in the GCB/FCB Audit Software, allowing unauthenticated remote attackers to access certain APIs. This could lead to the creation of a new administrative account, potentially allowing attackers to gain unauthorized access to the system.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Implement additional security measures, such as authentication and authorization mechanisms, to protect against unauthorized access.
Evidence notes
The vulnerability was reported by [email protected] and is tracked as CWE-306.
Official resources
- CVE-2026-4312 CVE record (CVE.org)
- CVE-2026-4312 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Third Party Advisory)
- Mitigation or vendor reference ([email protected] - Third Party Advisory)
CVE-2026-4312 was published on 2026-03-17T08:15:57.417Z and modified on 2026-06-05T14:25:21.680Z.